Rik Turner, Chief Analyst, Cybersecurity, Omdia
January 22, 2026

COMMENTARY

There are a number of songs (see Esther Phillips, Elvis Costello, the Icicle Works), not to mention a horror film, that use the phrase "from a whisper to a scream" in their title. It conveys a dramatic escalation in intensity, volume, or emotional expression, moving from a subtle, quiet state to a high-pitched, intense, or desperate one.

Concern across Europe, and indeed the wider world, about excessive dependence on the USA has certainly gone from a whisper in the latter part of the 2010s and into the early 2020s to at least a shout by now. Depending on events in Greenland, it may reach the fevered status of a scream at some point soon.

The most high-profile area in which this concern is expressed is, of course, in defense, with non-US NATO members now belatedly ratcheting up their spending to bolster the output of their domestic arms industries, watched anxiously by Ukraine. However, there is also the broader context of technology in general, with cybersecurity being no exception.

Silicon Valley Rules

First, then, technology generally. In the consumer market, Europeans rely on US providers for all their social media and most of their streaming services (the exception being Stockholm-based Spotify). Most of their phones may be provided by Asian manufacturers like Samsung and Sony, but the apps on them are solidly American.

On the corporate IT side of things, Europe's cloud computing market is essentially divided up between the Big Three of AWS, Azure, and GCP (pace OCI). There are, of course, the Chinese providers such as Alibaba, Tencent, and Huawei, but most European organizations shunned them over the past decade, due to concerns about whether their data might end up being seen by the Chinese Communist Party.
Now, however, many of them worry that the data they hold in any of the big US cloud service providers (CSPs) might be made available to US authorities.

Microsoft vs. United States and the CLOUD Act

Data sovereignty has of course been an issue for a lot longer. The landmark incident here was the kerfuffle surrounding the US government's search warrant, served on Microsoft in December 2013, seeking access to customer emails stored in an Irish data center, the customer being a US citizen resident in Ireland. It led to a court case (Microsoft Corp. vs. United States) and raised the question of just how safe from prying eyes in Washington the data resident in a European data center, owned and operated by a US CSP, actually was.

It's worth remembering here that Microsoft's lawsuit was rendered moot by Congress passing the 2018 CLOUD Act (the acronym stands for Clarifying Lawful Overseas Use of Data), precisely to address the issues raised by the case. A new warrant was issued under the auspices of that act, and Microsoft complied, handing over the required emails.

That case, and the ensuing CLOUD Act, were the curtain-raisers for worries in Europe (and indeed, the rest of the world) about what is now referred to as the "post-territorial" legal framework for obtaining e-evidence.

Big Tech Is Seen Genuflecting to the White House

However, more recent events, and notably the awkward presence of the CEOs of six of the "Magnificent Seven" US tech giants at President Trump's inauguration in January 2025, have taken those concerns to a whole new level. Alphabet, Amazon, Apple, Meta, Microsoft, and Tesla were all in attendance, with only Nvidia's Jensen Huang being too busy attending Lunar New Year celebrations. However, he has since made up for his absence in other ways, not least by agreeing, in August 2025, to pay the US government 15% of Nvidia's revenue from AI chip sales to China, in order to secure the export licenses.
Big Tech's perceived shift, from West Coast indifference to corporate subservience, even stumping up the cash for the East Wing's replacement with a giant ballroom, has not gone unnoticed in the Old Continent. Reports that Microsoft recently blocked access to the email account of the (Netherlands-based) International Criminal Court (ICC) chief prosecutor Karim Khan, after the US government imposed sanctions on the ICC, have further stoked the flames.

It is also worth noting that, while individuals' personally identifiable information (PII), protected health information (PHI), and payment card industry (PCI) data, as well as companies' intellectual property (IP) and financial records, constitute the primary sources of concern here, the cybersecurity sector is by no means immune from contagion. The telemetry, logs, and metadata that are its stock in trade could be used to spy on organizations. And even if cyber platforms are deployed on corporate premises, there is the fear of backdoors being added to enable data exfiltration by agencies such as the NSA.

Independence Initiatives Across Europe's Public and Private Sectors

As a result, calls to find alternative suppliers for corporate tech have multiplied, and there are now numerous projects underway in that direction. Here are some examples from the public sector:

- The German state of Schleswig-Holstein is migrating from Microsoft Office 365 and Windows to open source solutions, including Linux and LibreOffice.
- In Denmark, municipalities such as Copenhagen and Aarhus are phasing out Microsoft products in favor of local alternatives.
- The Gaia-X Project is a European initiative launched in 2020 to create a secure, sovereign, and decentralized cloud infrastructure, aiming to provide alternatives to US-dominated cloud services. Although it is a private-sector-led initiative governed by a non-profit association, it is backed by European governments, particularly Germany and France, and aligns with EU strategy to increase digital independence from US/Chinese dominance.
- The European Digital Infrastructure Consortium (DC EDIC) is a project led by the governments of France, Germany, Italy, and the Netherlands, focused on building and sharing digital tools and infrastructure for public administration.
- The European Cloud & AI Development Act (CAIDA) is a piece of proposed legislation to boost European cloud and AI capacities and reduce dependency on foreign providers.
- There are also efforts underway to develop native European large language models in countries such as France and the Netherlands.
- In the European High-Performance Computing (EuroHPC) project, the European Union is investing in supercomputers located in Europe, again to reduce reliance on US-based AI infrastructure.

Moves are also afoot at the corporate level, though companies there have less incentive to publicize them:

- France led a €1.55 billion capital increase in Eutelsat following its merger with OneWeb, aiming to secure a European-operated low-earth orbit satellite constellation, reducing reliance on US firms such as Elon Musk's Starlink.
- While no formal announcement has been made, media reports suggest that aircraft manufacturer Airbus is preparing to migrate mission-critical workloads from US giants (Google and Microsoft) to a European sovereign cloud.
- European cloud providers Exoscale, Elastx, and OVHcloud say they are witnessing a "quiet exodus" of European clients looking to migrate from Amazon Web Services (AWS), Azure, and Google Cloud.
- There are signs that companies, as well as governments, are turning to locally hosted, encrypted alternatives to US enterprise application software, such as Nextcloud, Tuta (formerly Tutanota), and Wire.
Of course, the beneficiaries of any such "buy European" mindset can be expected to talk up this trend, yet a stream of news stories, conference speeches, lobbying efforts by digital rights NGOs, and even some corporate announcements point to a groundswell of change here. There is even a not-for-profit initiative, dating from September 2024 and known as EuroStack, the explicit objective of which is the development of a complete, independent digital ecosystem, from hardware (chips) to software and cloud storage.

Long-term EU watchers will doubtless treat all this with a note of skepticism, not least because the union is renowned for talking a good story, then delivering relatively little, thanks to bureaucracy and policy differences between member countries. Perhaps not too much will ultimately come to pass. However, readers of Orwell's Nineteen Eighty-Four may identify longer-term trends of bloc realignment and wonder whether even the lumbering behemoth that is the EU might actually take concrete steps toward a degree of technological self-reliance.

Will Perfidious Albion Get on Board?

The UK, of course, is no longer a member of the EU and, thanks to linguistic and cultural ties, has often been expanding US companies' first port of call when coming to Europe. However, the country continues to re-evaluate its post-Brexit existence, particularly in the Trump era.

There are calls from within civil society for the Cybersecurity and Resilience Bill currently before Parliament to address the UK's reliance not only on US CSPs, but also on the data analytics firm Palantir, for everything from cloud hosting to sensitive public sector systems.

The current UK government has so far sought to exploit what it touts as the "special relationship" with Washington to avoid the worst excesses of the tariff wars.
It has continued and expanded the relationship with Palantir inherited from its predecessor, awarding the US data integration and analysis giant a £240 million ($322 million) contract in December 2025 to develop the data analytics capabilities of the Ministry of Defence. Whether the Greenland imbroglio forces a change of heart remains to be seen.

About the Author

Rik Turner
Chief Analyst, Cybersecurity, Omdia

Rik is chief analyst in Omdia's cybersecurity team, specializing in cybersecurity technology trends, IT security, compliance, and call recording. He provides analysis and insight on market evolution and
Growing concerns are emerging in Europe regarding the overreliance on US cybersecurity companies. Recent geopolitical events are further eroding trust and prompting discussions about technological sovereignty.